Tag: software supply chain
-
Cloud Blog: Introducing AI-powered app dev with code customization from Gemini Code Assist Enterprise
Source URL: https://cloud.google.com/blog/products/application-development/introducing-gemini-code-assist-enterprise/ Source: Cloud Blog Title: Introducing AI-powered app dev with code customization from Gemini Code Assist Enterprise Feedly Summary: Software development is the engine of the modern economy. However, creating great applications across the tech stack is complex because of an increasing number of abstraction levels, integrations, vendors, and a dearth of experienced…
-
Cloud Blog: You can now sign Microsoft Windows artifacts with keys protected by Cloud HSM
Source URL: https://cloud.google.com/blog/products/identity-security/you-can-now-sign-microsoft-windows-artifacts-with-keys-protected-by-cloud-hsm/ Source: Cloud Blog Title: You can now sign Microsoft Windows artifacts with keys protected by Cloud HSM Feedly Summary: To build trust in the software world, developers need to be able to digitally sign their code and attest that the software their customers are downloading is legitimate and hasn’t been maliciously altered.…
-
Anchore: How to build an OSS vulnerability management program
Source URL: https://anchore.com/blog/build-open-source-software-security-program-with-sbom-generation-and-vulnerability-scanning/ Source: Anchore Title: How to build an OSS vulnerability management program Feedly Summary: In previous blog posts we have covered the risks of open source software (OSS) and security best practices to manage that risk. From there we zoomed in on the benefits of tightly coupling two of those best practices (SBOMs…
-
Slashdot: GitHub Actions Typosquatting: a High-Impact Supply Chain Attack-in-Waiting?
Source URL: https://developers.slashdot.org/story/24/09/07/0427219/github-actions-typosquatting-a-high-impact-supply-chain-attack-in-waiting?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: GitHub Actions Typosquatting: a High-Impact Supply Chain Attack-in-Waiting? Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the vulnerabilities intrinsic to the GitHub Actions ecosystem, particularly focusing on the threat of typosquatting. It highlights how this form of attack can lead to significant risks in software supply…
-
Anchore: How is Open Source Software Security Managed in the Software Supply Chain?
Source URL: https://anchore.com/blog/open-source-software-security-in-software-supply-chain/ Source: Anchore Title: How is Open Source Software Security Managed in the Software Supply Chain? Feedly Summary: Open source software has revolutionized the way developers build applications, offering a treasure trove of pre-built software “legos” that dramatically boost productivity and accelerate innovation. By leveraging the collective expertise of a global community, developers…